OpenBSD Journal

Privilege Separation and Pledge (video)

Contributed by tj on from the feathered-edges dept.

This year's dotSecurity conference featured a presentation from OpenBSD founder Theo de Raadt, titled "Privilege Separation and Pledge."

The video is now available here, in addition to the slides.

(Comments are closed)

  1. By Anonymous Coward (2601:186:4480:479:a0e8:b325:f88:ae47) on

    imo, a very good video.

    A concise and informative explanation of where pledge came from and the benefits it provides.

  2. By Jorden Verwer ( on

    What I like about new technologies like pledge is not really the mitigating effect they have on security vulnerabilities, but rather the actual improvements in code quality that are a result of applying them correctly. This video nicely illustrates how pledge helps to improve the privilege separation in several components of OpenBSD.

    Likewise, I myself recently found a use-after-free bug in an application I wrote because of the malloc junking behavior introduced in 5.6. This shows that the OpenBSD approach of actively creating a hostile environment for programs that misbehave actually works and makes everybody's code better.

    I'm looking forward to the next step in enforcing correct behavior. Keep up the good work, guys!

  3. By Just Another OpenBSD User ( on



Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]